From 199a72e62a97d06dc53496fcb4dece64a0671adb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 14 Feb 2018 22:14:28 +0100 Subject: [PATCH] Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabiano FidĂȘncio --- ...dd-checks-for-user-and-host-category.patch | 154 ++++++++++++++++++ sssd.spec | 7 +- 2 files changed, 160 insertions(+), 1 deletion(-) create mode 100644 0082-DESKPROFILE-Add-checks-for-user-and-host-category.patch diff --git a/0082-DESKPROFILE-Add-checks-for-user-and-host-category.patch b/0082-DESKPROFILE-Add-checks-for-user-and-host-category.patch new file mode 100644 index 0000000..1126cf2 --- /dev/null +++ b/0082-DESKPROFILE-Add-checks-for-user-and-host-category.patch 
@@ -0,0 +1,154 @@
+From b72e444bc1cd2fe8d9617f09b446c678d4684fff Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
+Date: Mon, 22 Jan 2018 00:02:43 +0100
+Subject: [PATCH] DESKPROFILE: Add checks for user and host category
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+freeipa-deskprofile-plugin can have both user and host category set as
+"all" and when it happens, no users and groups or hosts or hostgroups
+are going to be set.
+
+Let's treat this expected (but so far missed) situation on SSSD side.
+
+Resolves:
+https://pagure.io/SSSD/sssd/issue/3449
+
+Signed-off-by: Fabiano FidĂȘncio
+
+Reviewed-by: Jakub Hrozek
+---
+ src/providers/ipa/ipa_deskprofile_rules_util.c | 100 ++++++++++++++++++++-----
+ 1 file changed, 82 insertions(+), 18 deletions(-)
+
+diff --git a/src/providers/ipa/ipa_deskprofile_rules_util.c b/src/providers/ipa/ipa_deskprofile_rules_util.c
+index 53c433145..01b7d0527 100644
+--- a/src/providers/ipa/ipa_deskprofile_rules_util.c
++++ b/src/providers/ipa/ipa_deskprofile_rules_util.c
+@@ -684,6 +684,8 @@ ipa_deskprofile_rules_save_rule_to_disk(
+ TALLOC_CTX *tmp_ctx;
+ const char *rule_name;
+ const char *data;
++ const char *hostcat;
++ const char *usercat;
+ char *shortname;
+ char *domainname;
+ char *base_dn;
+@@ -722,6 +724,28 @@ ipa_deskprofile_rules_save_rule_to_disk(
+ goto done;
+ }
+
++ ret = sysdb_attrs_get_string(rule, IPA_HOST_CATEGORY, &hostcat);
++ if (ret == ENOENT) {
++ hostcat = NULL;
++ } else if (ret != EOK) {
++ DEBUG(SSSDBG_TRACE_FUNC,
++ "Failed to get the Desktop Profile Rule host category for rule "
++ "\"%s\" [%d]: %s\n",
++ rule_name, ret, sss_strerror(ret));
++ goto done;
++ }
++
++ ret = sysdb_attrs_get_string(rule, IPA_USER_CATEGORY, &usercat);
++ if (ret == ENOENT) {
++ usercat = NULL;
++ } else if (ret != EOK) {
++ DEBUG(SSSDBG_TRACE_FUNC,
++ "Failed to get the Desktop Profile Rule user category for rule "
++ "\"%s\" [%d]: %s\n",
++ rule_name, ret,
sss_strerror(ret));
++ goto done;
++ }
++
+ rule_prio = talloc_asprintf(tmp_ctx, "%06d", prio);
+ if (rule_prio == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate rule priority\n");
+@@ -753,26 +777,66 @@ ipa_deskprofile_rules_save_rule_to_disk(
+ goto done;
+ }
+
+- ret = ipa_deskprofile_rule_check_memberuser(tmp_ctx, domain, rule,
+- rule_name, rule_prio,
+- base_dn, username,
+- &user_prio, &group_prio);
+- if (ret != EOK) {
+- DEBUG(SSSDBG_CRIT_FAILURE,
+- "ipa_deskprofile_rule_check_memberuser() failed [%d]: %s\n",
+- ret, sss_strerror(ret));
+- goto done;
++ if (usercat != NULL && strcasecmp(usercat, "all") == 0) {
++ user_prio = talloc_strdup(tmp_ctx, rule_prio);
++ if (user_prio == NULL) {
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ "Failed to allocate the user priority "
++ "when user category is \"all\"\n");
++ ret = ENOMEM;
++ goto done;
++ }
++
++ group_prio = talloc_strdup(tmp_ctx, rule_prio);
++ if (group_prio == NULL) {
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ "Failed to allocate the group priority "
++ "when user category is \"all\"\n");
++ ret = ENOMEM;
++ goto done;
++ }
++ } else {
++ ret = ipa_deskprofile_rule_check_memberuser(tmp_ctx, domain, rule,
++ rule_name, rule_prio,
++ base_dn, username,
++ &user_prio, &group_prio);
++ if (ret != EOK) {
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ "ipa_deskprofile_rule_check_memberuser() failed [%d]: %s\n",
++ ret, sss_strerror(ret));
++ goto done;
++ }
+ }
+
+- ret = ipa_deskprofile_rule_check_memberhost(tmp_ctx, domain, rule,
+- rule_name, rule_prio,
+- base_dn, hostname,
+- &host_prio, &hostgroup_prio);
+- if (ret != EOK) {
+- DEBUG(SSSDBG_CRIT_FAILURE,
+- "ipa_deskprofile_rule_check_memberhost() failed [%d]: %s\n",
+- ret, sss_strerror(ret));
+- goto done;
++ if (hostcat != NULL && strcasecmp(hostcat, "all") == 0) {
++ host_prio = talloc_strdup(tmp_ctx, rule_prio);
++ if (host_prio == NULL) {
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ "Failed to allocate the host priority "
++ "when host category is \"all\"\n");
++ ret = ENOMEM;
++
goto done; ++ } ++ ++ hostgroup_prio = talloc_strdup(tmp_ctx, rule_prio); ++ if (hostgroup_prio == NULL) { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "Failed to allocate the hostgroup priority " ++ "when host category is \"all\"\n"); ++ ret = ENOMEM; ++ goto done; ++ } ++ } else { ++ ret = ipa_deskprofile_rule_check_memberhost(tmp_ctx, domain, rule, ++ rule_name, rule_prio, ++ base_dn, hostname, ++ &host_prio, &hostgroup_prio); ++ if (ret != EOK) { ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ "ipa_deskprofile_rule_check_memberhost() failed [%d]: %s\n", ++ ret, sss_strerror(ret)); ++ goto done; ++ } + } + + ret = ipa_deskprofile_get_normalized_rule_name(mem_ctx, rule_name, +-- +2.14.3 + diff --git a/sssd.spec b/sssd.spec index 3320eab..be59165 100644 --- a/sssd.spec +++ b/sssd.spec @@ -34,7 +34,7 @@ Name: sssd Version: 1.16.0 -Release: 11%{?dist} +Release: 12%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ @@ -122,6 +122,7 @@ Patch0078: 0078-confdb-Do-not-start-implicit_files-with-proxy-domain.patch Patch0079: 0079-test_files_provider-Regression-test-for-implicit_fil.patch Patch0080: 0080-BUILD-Add-missing-libs-found-by-Wl-z-defs.patch Patch0081: 0081-SELINUX-Check-if-SELinux-is-managed-in-selinux_child.patch +Patch0082: 0082-DESKPROFILE-Add-checks-for-user-and-host-category.patch Patch0502: 0502-SYSTEMD-Use-capabilities.patch Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch @@ -1324,6 +1325,10 @@ fi %{_libdir}/%{name}/modules/libwbclient.so %changelog +* Wed Feb 14 2018 Fabiano FidĂȘncio - 1.16.0-12 +- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile + with no specific host/hostgroup set + * Wed Feb 07 2018 Lukas Slebodnik - 1.16.0-11 - Resolves: upstream#3618 - selinux_child segfaults in a docker container
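Review bot: The two new `sysdb_attrs_get_string()` error branches (IPA_HOST_CATEGORY and IPA_USER_CATEGORY) log at `SSSDBG_TRACE_FUNC` before `goto done`, so a rule that is dropped for this reason is invisible at the debug levels where every other failure visible in these hunks (`SSSDBG_CRIT_FAILURE`) is reported; I would change both to `DEBUG(SSSDBG_CRIT_FAILURE,`. A rule that carries neither a category of "all" nor any member attributes still takes the `else` branches into `ipa_deskprofile_rule_check_memberuser()` and `ipa_deskprofile_rule_check_memberhost()`, whose bodies are not part of this patch; since the rule content comes from the directory and the reported symptom was a daemon crash, it is worth confirming that those helpers handle absent member attributes. A one-line comment above each `strcasecmp(..., "all")` branch, e.g. `/* category "all": no members to match, both priorities take rule_prio */`, would record why the membership check is skipped. The body of `ipa_deskprofile_rules_save_rule_to_disk()` starts and ends outside these hunks.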